diff --git a/src/http.c b/src/http.c
index 6a39f3b4..4fbfa460 100644
--- a/src/http.c
+++ b/src/http.c
@@ -145,6 +145,109 @@ static const char *cachemonths[12] = {
 };
 
 
+/**
+ * Escape characters that will interfere with xml. - https://github.com/andyb2000
+ *  sb1066's rss escape functions
+ * Count how many bytes str would contain if it would be rss escapped
+ */
+int
+http_escaped_len(const char *str)
+{
+  int i;
+  int len = 0;
+
+  for(i=0; i<strlen(str); i++) {
+    switch (str[i]) {
+    case '>':
+    case '<':  
+      len += 4;
+      break;
+
+    case '&':
+      len += 5;
+      break;
+      
+    case '\"':
+    case '\'':
+      len += 6;
+      break;
+      
+    default:
+      len++;
+      break;
+    }
+  }
+
+  return len;
+}
+
+
+/*
+ * http (xml) escape a string
+ */
+const char*
+http_escape(const char *str)
+{
+  static char buf[1024];
+  char esc[7];
+  int esc_len;
+  char *p;
+  char *p_end;
+  int len;
+  int i;
+
+  len = http_escaped_len(str);
+  len = MIN(len, sizeof(buf) - 1);
+
+  p = buf;
+  p_end = buf + len;
+
+  memset(buf, 0, sizeof(buf));
+
+  for(i=0; i<strlen(str); i++) {
+
+    switch (str[i]) {
+    case '<':  
+      strcpy(esc, "&lt;");
+      break;
+
+    case '>':
+      strcpy(esc, "&gt;");
+      break;
+
+    case '&':
+      strcpy(esc, "&amp;");
+      break;
+
+    case '\"':
+      strcpy(esc, "&quot;");
+      break;
+
+    case '\'':
+      strcpy(esc, "&apos;");
+      break;
+
+    default:
+      esc[0] = str[i];
+      esc[1] = 0;
+      break;
+    }
+
+    esc_len = strlen(esc);
+
+    if(p_end < p+esc_len)
+      break;
+
+    strcpy(p, esc);
+    p += esc_len;
+  }
+
+  p[len] = '\0';
+
+  return buf;
+}
+
+
 /**
  * Transmit a HTTP reply
  */
diff --git a/src/http.h b/src/http.h
index 2a29b8a9..cbf1bdb6 100644
--- a/src/http.h
+++ b/src/http.h
@@ -139,4 +139,7 @@ int http_access_verify(http_connection_t *hc, int mask);
 
 void http_deescape(char *s);
 
+int http_escaped_len(const char *str);
+const char* http_escape(const char *str);
+
 #endif /* HTTP_H_ */
diff --git a/src/webui/simpleui.c b/src/webui/simpleui.c
index 5fc86e39..ceeb0fde 100644
--- a/src/webui/simpleui.c
+++ b/src/webui/simpleui.c
@@ -358,7 +358,6 @@ page_pvrinfo(http_connection_t *hc, const char *remain, void *opaque)
   return 0;
 }
 
-
 /**
  * 
  */
@@ -426,10 +425,10 @@ page_status(http_connection_t *hc,
 		     b.tm_hour, b.tm_min, 
 		     de->de_stop, 
 		     de->de_stop_extra, 
-		     lang_str_get(de->de_title, NULL));
+		     http_escape(lang_str_get(de->de_title, NULL)));
 
       rstatus = val2str(de->de_sched_state, recstatustxt);
-      htsbuf_qprintf(hq, "<status>%s</status></recording>\n", rstatus);
+      htsbuf_qprintf(hq, "<status>%s</status></recording>\n", http_escape(rstatus));
       cc++;
       timeleft = -1;
     }